Texas Department of Criminal Justice Accountability and Risk Analysis Policy and Procedures

POLICY:

The Texas Department of Criminal Justice (TDCJ) will continue to maintain sound and ethical contracting and procurement practices consistent with state and federal laws. The TDCJ is committed to transparent procurement procedures that provide for accountability, risk analysis and the prevention of fraud, waste, and abuse regarding the contractor selection process, contract provisions, and payment and reimbursement rates and methods for the goods and services for which the agency contracts.

The Agency will maintain established procedures to keep executive leadership and the Texas Board of Criminal Justice (TBCJ) apprised of any serious issue or risk or potential serious issue or risk in regard to contracting and procurement.

The following procedures and processes provide for accountability in the procurement process and provide guidance on how to identify contracts that require enhanced contract or performance monitoring.

The Contracts and Procurement Department (Department) utilizes standard forms, standard terms and conditions, contract boilerplates and procurement checklists to maintain consistency and document compliance with applicable laws, policies and procedures.

The Department is subject to the following auditing procedures:

1. Each purchaser and contract specialist in the Department reviews purchases throughout the procurement process by using standard procurement checklists that must be included in each procurement file;

2. The Department is continually audited by the Department’s Self-Assessment Auditor; and 3. The Department is randomly audited by the TDCJ Internal Audit Division, the Comptroller of Public

Accounts and the State Auditor’s Office.

Department purchasers and contract specialists are professionally certified in accordance with state law and the Comptroller of Public Accounts develops and provides the continuing education required to maintain the professional certification. All purchasing staff must attend annual classes in Ethics Training and issues related to procurements involving Historically Underutilized Businesses.

The TDCJ has established approval processes for all purchase requisitions, purchase orders and contracts and any required change documents. Change documents receive the same level of approval as original procurement documents. The higher the dollar amount of the procurement document the more levels of review and approval are required extending all the way to the TBCJ as required by Board Policy (BP-01.01).

The TBCJ has delegated to the Executive Director authority to execute contracts $1 million or greater. The Executive Director has delegated authority to execute contracts less than $1 million to the Chief Financial Officer. See Attachment A for the approval path matrix.

The TDCJ employs the Advanced Purchasing and Inventory Control System (ADPICS) for the majority of goods and services purchased. The Department processes approximately 60,000 requisitions annually through ADPICS. The automated system manages every phase of the procurement cycle to include requisitioning, requisition approvals, purchaser assignment, vendor selection, bid processing, bid tabulation, awarding the purchase order, purchase order approval, receiving, invoicing and payment for the goods or services. Internal manuals provide training tools for current and new staff who are involved in the procurement process.

Complex service and construction contracts follow a non-automated requisitioning process that follows the same approval paths that automated requisitions and purchase orders require.

Rev. 9/28/18 Page 1 of 3

Texas Department of Criminal Justice Accountability and Risk Analysis Policy and Procedures

PROCEDURES:

TDCJ Division Directors must ensure that their staff who are involved in procurement or contract management:

Adhere to the procedures for contracting and procurement as outlined in:

o Texas statutes; o Texas Administrative Code; o State of Texas Procurement and Contract Management Guide; o TDCJ Contract Management Handbook; and o TDCJ policies and procedures;

Have a proper separation of duties in regard to the procurement process that includes requisitioning, requisition approval, procurement, procurement approval, inspection and acceptance and payment processing;

Submit each purchase requisition with a complete specification or statement of work;

Document that a risk analysis has been completed for applicable proposed contracts in accordance with the State of Texas Procurement and Contract Management Guide and TDCJ Contract Management Handbook, and provide the risk analysis to the Contracts and Procurement Department to become part of the contract file; and

Evaluate each proposed contract to determine if the contract falls into one of the following categories, which require enhanced contract or performance monitoring:

o Service contracts for the direct care of offenders or treatment programs provided to offenders;

o Service contracts over $1,000,000; or

o Contracts that place a high level of risk on the agency, as determined by the above required risk analysis, regardless of the type of contract or dollar amount.

TDCJ Division Directors must appoint a Contract Manager, who will oversee the proposed contract and perform the following duties:

o As part of the planning phase of the new contract, the Contract Manager shall complete the risk analysis using the direction provided by the State of Texas Procurement and Contract Management Guide and the Risk Analysis Template and instructions (see Attachment B) provided by the Department.

o The Contract Manager, upon determining the level of risk involved with the proposed contract, shall develop and present to the Division Director the necessary risk avoidance and mitigation measures to be used for the proposed contract. This may include, but not be limited to, performance measures and sanctions, enhanced monitoring methods and technical oversight.

o As appropriate these risk avoidance and mitigation measures and techniques shall be incorporated into the solicitation.

o After the contract is awarded, the Division’s Contract Manager shall continue to assess risk based upon contract performance, delivery schedules, payment issues or any other criteria critical to the successful completion of the contract deliverables.

Rev. 9/28/18 Page 2 of 3

Texas Department of Criminal Justice Accountability and Risk Analysis Policy and Procedures

TDCJ Division Directors will inform the director of Contracts and Procurement of:

Any potential issue or risk that is identified with a contract determined to require enhanced contract or performance monitoring; or

Any potential issue or risk that may arise in the solicitation, purchasing, or contractor selection process for contracts with a value expected to exceed $1 million.

The Chief Financial Officer will report contracting issues described above to the executive director and the TBCJ.

Rev. 9/28/18 Page 3 of 3

Approval Path Matrix for Purchase Requisitions (Manual and Automated)

Requisition Amount

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Division Director

or designee

Budget

Analyst

Budget

Director

Deputy

Chief

Chief

Financial

TBCJ*

(highest department Financial Officer

review) Officer

Less than $5,000 X

Equal to $5,000 but less

than $100,000 X X

Equal to $100,000 but

less than $500,000 X X X

Equal to $500,000 but

less than $1,000,000 X X X X

Equal to $1,000,000 or

greater X X X X X X

*Texas Board of Criminal Justice

Approval Path Matrix for Contracts, Modifications, Purchase Orders and POCNs**

(Manual and Automated)

Order Amount

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Branch

Managers

Deputy

Director,

Director,

Contracts &

Deputy Chief

Financial

Chief

Financial

Executive

Director

Contracts & Procurement Officer Officer

Procurement

All orders for $10,000

but less than $100,000 X

All orders equal to

$100,000 but less than X X X X X

$1,000,000

All orders $1,000,000

or greater X X X X X X

**Purchase Order Change Notice

Modifications or POCNs that cause a contract or purchase order to cross a threshold will be reviewed and approved

by the higher authority.

In the event a designated approver is absent, the highest-level approval is all that is required. For example, the

Deputy Chief Financial Officer (DCFO) is out of the office, the Chief Financial Officer will sign in the DCFO’s place as well as their own and execute the document.

Effective 5/19/2020

RISK ANALYSIS TEMPLATE Attachment B

Requisition No:

Contract Name:

Instructions: Risk factors are indicators used to determine the risk of the contract objectives not being met. Below are some general risk factors common to most contracts. The range is a three (3) point scale used to rate the level of risk for each risk factor. Three (3) is high risk, two (2) is medium risk and one (1) is low risk. Rate each risk factor and place the value in the score column. Risk factors 1-9 apply to all contracts. For Information Technology (IT) contracts only, include risk factors 10-12. If a risk factor is not applicable to the contract place “NA” in the score column. Add the scores for all of the risk factors to get a Total Risk Assessment Score. Use the Total Risk Assessment Score Scale below to determine the overall level of risk associated with the contract.

Range Risk Factors – Commodity, Services and IT Contracts Score

1

2

3

1. Total Contract Price: What is the estimated price for the anticipated base period of the contract?

$0 - $250,000

> $250,000 to $500,000

> $500,000

1

2

3

2. Total Contract Duration: What is the anticipated overall potential contract period (base year plus option years)?

One to two years

Three to four years

> Four years

1

2

3

3. Criticality of Deliverables: Which delivery best describes your contract?

Deliverable timing is important but not critical.

Deliverable timing is critical.

Deliverable timing is critical and must take priority over other contracts.

4. Contract Failure Impact: Which of the following best describes the users impacted by a contract failure?

1 Low risk optional use contract with no legal mandate.

2 Failure will impact end-user department operations only.

3 Failure will have an agency wide impact, violate state and/or federal mandates or result in the loss of substantial funds.

Page 1 of 3

RISK ANALYSIS TEMPLATE Attachment B

5. Locations Impacted: Which of the following best describes the locations affected by this contract?

1 Contract will be implemented in or hosted from a single location.

2 Contract will be implemented across multiple agency sites.

3 Contract will be implemented statewide.

1

2

3

1

2

3

1

2

3

1

2

3

6. Availability of Resources for Contract Management: Which of the following best describes the resource requirements of this project?

Adequate staffing is readily available to manage and support the contract, including subject matter experts.

Temporary staffing is needed to supplement end-user staff to manage and/or support the contract.

Full-time consultants or temporary staffing is needed to manage and/or support the contract.

7. Complexity of Contract: Which best describes the contract’s complexity?

Simple commodity or service with clear specifications.

Complex requirements involving internal subject matter experts.

Very complex.

8. Business Process Impact: Level of impact to end user’s business process?

Business processes from a single division within an agency will be impacted.

Business processes from an entire agency will be impacted.

Business process change is statewide.

9. End User’s Training Needs: Indicate the appropriate training requirements for this contract?

End-user only training required.

Systems and end-users require training and support that can be conducted by in-house trainers.

Systems and end-users require training and support by the vendor or an outside trainer.

RISK ASSESSMENT SCORE FOR FACTORS 1-9

Page 2 of 3

RISK ANALYSIS TEMPLATE Attachment B

Range Complete Factors 10-12 for Information Technology Contracts Only

Score

1

2

3

1

2

3

1

2

3

10. Software Technology Customization: What level of customization is required for this solution?

All requirements can be satisfied with mature or Commercial Off-The-Shelf (COTS) products.

The requirement may be partially customized and partially COTS.

Fully customized solution.

11. Impact on Existing Application or Infrastructure: Which of the following best describes the impact on existing infrastructure for this contract?

Maintenance.

Product is an enhancement or replacement to the existing application or infrastructure.

Product is new and impacts other existing applications or infrastructure.

12. Interface Connectivity: Which of the following best describes the interface connectivity of the proposed system?

Not applicable or existing without new interfaces.

The new system will interface with 1-4 existing applications.

The new system will interface with 5 or more applications.

IT RISK ASSESSMENT SCORE FOR FACTORS 10-12

TOTAL RISK ASSESSMENT SCORE FOR ALL FACTORS

Total Risk Assessment Score Scale: Commodities and Services

Score 1-9 = Low Risk

Score 10-18 = Medium Risk

Score 19-27 = High Risk

Total Risk Assessment Score Scale: Information Technology

Score 1-12 = Low Risk

Score 13-24 = Medium Risk

Score 25-36 = High Risk

Page 3 of 3